CVE-2004-1370

3 documents3 sources

Severity

7.5HIGH

EPSS

1.8%

top 17.17%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Application Server Oracle Collaboration Suite Oracle E-business Suite +6 more

Timeline

PublishedAug 4

Latest updateApr 29

Description

Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitrary SQL commands and gain privileges via (1) DBMS_EXPORT_EXTENSION, (2) WK_ACL.GET_ACL, (3) WK_ACL.STORE_ACL, (4) WK_ADM.COMPLETE_ACL_SNAPSHOT, (5) WK_ACL.DELETE_ACLS_WITH_STATEMENT, or (6) DRILOAD.VALIDATE_STMT.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages9 packages

▶NVDoracle/oracle8i19 versions+18

▶NVDoracle/oracle9i36 versions+35

▶NVDoracle/oracle10g6 versions+5

▶NVDoracle/e-business_suite9 versions+8

▶NVDoracle/application_server11 versions+10

Patches

Patch: www.ngssoftware.com ↗Patch: www.oracle.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-wcpw-pcq8-4pwf: Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitr↗2022-04-29

▶

CVEList

CVE-2004-1370: Multiple SQL injection vulnerabilities in PL/SQL procedures that run with definer rights in Oracle 9i and 10g allow remote attackers to execute arbitr↗2005-01-19

▶